Class NfwFirewallPolicyConfig

NetworkConfig / CentralNetworkServicesConfig / NfwConfig / NfwFirewallPolicyConfig

Network Firewall policy configuration. Use this configuration to define a Network Firewall policy. An AWS Network Firewall firewall policy defines the monitoring and protection behavior for a firewall. The details of the behavior are defined in the rule groups that you add to your policy, and in some policy default settings.

See

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-networkfirewall-firewallpolicy.html

Example

- name: accelerator-nfw-policy
  firewallPolicy:
    statelessDefaultActions: ['aws:forward_to_sfe']
    statelessFragmentDefaultActions: ['aws:forward_to_sfe']
    statefulRuleGroups:
      - name: accelerator-stateful-group
    statelessRuleGroups:
      - name: accelerator-stateless-group
        priority: 100
  regions:
    - us-east-1
  shareTargets:
    organizationalUnits:
      - Root
  tags: []

Hierarchy

  • NfwFirewallPolicyConfig

Implements

Constructors

constructor

Properties

description firewallPolicy name regions shareTargets tags

Constructors

constructor

Properties

Readonly description

description: undefined | string = undefined

(OPTIONAL) A description for the policy.

Readonly firewallPolicy

firewallPolicy: NfwFirewallPolicyPolicyConfig = ...

Use this property to define specific behaviors and rule groups to associate with the policy.

See

NfwFirewallPolicyPolicyConfig

Readonly name

name: string = ''

A friendly name for the policy.

Remarks

CAUTION: Changing this property value after initial deployment causes the policy to be recreated. Please be aware that any downstream dependencies may cause this property update to fail.

Readonly regions

regions: string[] = []

The regions to deploy the policy to.

See

Region

Readonly shareTargets

shareTargets: undefined | ShareTargets = undefined

(OPTIONAL) Resource Access Manager (RAM) share targets.

Remarks

Targets can be account names and/or organizational units. Targets must be configured for account(s)/OU(s) that require access to the policy. A target is not required for the delegated admin account.

See

ShareTargets

Readonly tags

tags: undefined | Tag[] = undefined

(OPTIONAL) An array of tags for the policy.

Settings

Member Visibility

Theme

Generated using TypeDoc